Configure User Registration
Step 1 - Configure the Email Server
The user registration system requires an SMTP server in order to send emails during the registration process (for example to validate a user's email address) as well as for the "forgot password" feature.
The SMTP server must allow forwarding to any domain that is to be supported for registration. If authentication is used, the account must also have permission to forward to the required domains.
To configure this, add the following section to the SuperADMIN local.conf configuration file. If you installed to the default directory, this file is located in C:\ProgramData\STR\SuperADMIN\server\config\local.conf.
str.superadmin {
email {
smtpHost: "localhost"
smtpPort: 25
startTls: false
auth {
enabled: false
username: "changeme"
password: "changeme"
}
debug: false
}
}You will need to modify this to match the appropriate values for your SMTP server:
- Replace
localhostwith the hostname of your SMTP server. - Change the port number if necessary.
- If your SMTP server requires authentication, set the appropriate username and password and change
enabledtotrue.
When you have finished making changes, restart the SuperADMIN/SuperSERVER service.
Step 2 - Configure Groups for Registered Users
The user registration system can automatically add new registered users to one or more user groups. This allows you to set some default permissions for newly registered users (including the datasets they can access) and allow users to login immediately after registering. To configure this:
Create a group in SuperADMIN for registered users. For example:
CODEaccount creategroup RegisteredUsers- Set the catalogue permissions for this group to an appropriate level for new users. You should ensure that they have access to at least one dataset otherwise they will not be able to log in to SuperWEB2.
Configure the user registration system to add new users to this group using the following command in SuperADMIN:
CODEcfg global superadmin.selfreg.addToGroups set ["RegisteredUsers"]Replace
RegisteredUserswith the name of the group you created in the previous step.You can have registered users added to multiple groups if you wish. Simply list all of the groups separated by commas. For example:cfg global superadmin.selfreg.addToGroups set ["RegisteredUsers", "AnotherGroup", "ThirdGroup"]
Make sure you configure the group to have read access to at least one dataset. If newly registered users are not added to a group with access to at least one dataset then they will not be able to log in to SuperWEB2 until their permissions are manually changed.
Step 3 - Required Configuration Adjustments
Set the From Address
By default, emails will be sent from the address changeme@changeme.spacetimeresearch.com. You should change this to a real email address for your organisation. To do so, run the following command in SuperADMIN:
cfg global superadmin.selfreg.email.fromAddress set <new_email_address>Replace <new_email_address with the email address you want to use, enclosed in double quotes. For example:
cfg global superadmin.selfreg.email.fromAddress set "registrations@mycompany.com"Set the Base URL for Links
The email templates contain a number of links which allow users to verify their email address and continue the process. By default, the base URL of these links is set to http://localhost:8080/webapi/jsf/user.
Use the following command in SuperADMIN to change this to match the URL of your deployment:
cfg global superadmin.selfreg.webClient.root set <url>/webapi/jsf/userFor example:
cfg global superadmin.selfreg.webClient.root set "https://mydomain/webapi/jsf/user"Set the User Registration API URL
The user registration process needs to communicate with SuperADMIN to complete the account creation process. To do this it sends messages to a SuperADMIN REST endpoint, so it needs to know where SuperADMIN is running.
You must run the following command in SuperADMIN to set the root URL for the SuperADMIN REST endpoint:
cfg global superadmin.selfreg.publicAPI.root set <url>:<port>Replace <url> with an address that resolves to the machine running SuperADMIN. The standard port number is 9001.
For example:
cfg global superadmin.selfreg.publicAPI.root set "https://mysuperadminserver:9001"The REST endpoint needs to be publicly accessible, so you must ensure that port 9001 on this machine is accessible. This is a new firewall requirement introduced with the user registration system. See Port Usage for more details.
Step 4 - Optional Configuration Adjustments
The following are some optional adjustments you may wish to make. Refer to the detailed instructions for more details:
| Change the email templates | Default email templates are provided, but you will probably want to modify these to add your own branding and messaging. | Customise Email Templates |
|---|---|---|
| Update the support email link in error message | A number of error messages relating to user registrations include a support email link. By default this is set to use a dummy email address (support@example.com). You should change all instances to an appropriate support email for your organisation. | Add your Support Contact Email to Error Messages |
| Configure rate limiting and token duration | You may wish to configure rate limiting (to limit the number of emails that can be sent to any given email address within a specified time) and the length of time that a verification email link will be valid for. | Rate Limiting and Token Duration |
Step 5 - Enable User Registration
The user registration system is not enabled by default. To activate it, you need to change a setting in the configuration.properties file:
- Open <tomcat_home>\webapps\webapi\WEB-INF\classes\configuration.properties in a text editor.
Set
global.enableUserRegistrationtotrue:CODE# Boolean. Default false. global.enableUserRegistration=trueSave your changes and restart Tomcat or the SuperWEB2 service.